European Data Protection rules were launched back in 2018 to protect the confidentiality of our personal data, but even four years later there is still a lack of understanding among companies and consumers about how to comply with the best practices. Big tech companies, like Google or Amazon, usually refer to the acronym GDPR to explain the rules that verify the data so that it is not used inappropriately, but the added details create confusion. In the past we have provided you with an eCommerce GDPR guide. In today's blog, we will speak about a new certification system which simplifies comprehension for businesses and citizens, to avoid penalties.

First of all, the European Data Protection Board (EDPB) was in charge of enforcing a GDPR scheme for the first time. This will allow individuals to get certification from an approved accreditation body to prove to the EU and customers that they are GDPR compliant.

Third-party validation

The European research project co-founded by the European Commission and Switzerland, best known as the Europrivacy organization, is the first to have its GDPR certification scheme endorsed by the EDPB. Long story short, it says this will help organizations handle the complicated business of GDPR compliance and certification. Dr. Sebastien Ziegler, Europrivacy Chair and President of the Internet of Things Forum, stated that data is really processed according to the GDPR requirements, even if there are over 70 references to the certification. Moreover, the move implies that Europrivacy certificates will be recognized by the EU and European Economic Area Member States. This also removes the confusion of GDPR, as initially data protection compliance was supervised by national supervisory authorities.

Europrivacy considered that the new system can help companies be more proactive in acquiring independent third-party validation of how they process data and comply with EU privacy rules.

Furthermore, Ziegler said that the scheme will not only support big companies, but also the small and medium-sized ones and public bodies, as well as citizens. “One of the GDPR requirements is really to ensure someone who is collecting or processing personal data should and has the right to inform the data subject in clear and understandable terms.” A company or public organization would archive how it is complying with the GDPR and moreover, how an approved certification body would examine this and certify its compliance. Ziegler stated that the certification will not be thought of as a scheme, but as a methodology to make GDPR more accessible to all and will continue to educate companies and citizens about changes and alterations to GDPR rules. He also stated that the next step is to educate people to understand compliance with data protection. Moreover, Ziegler concluded that better communication with citizens and companies was required to create a dialogue to understand what is needed to make GDPR clearer.

To conclude, GDPR's purpose in 2022 is to be better understood and more manageable by both end-users and companies. Follow Kooomo Blog to be continuously updated with the newest GDPR news.